Snowflake-Labs · sfc-gh-jmichalak · Jul 22, 2024 · Jul 8, 2024 · Jul 9, 2024 · Jul 9, 2024
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -21,6 +21,34 @@ Changes:
 - `pattern` was renamed to `like`
 - output of SHOW is enclosed in `show_output`, so before, e.g. `roles.0.comment` is now `roles.0.show_output.0.comment`
 
+### *(new feature)* new snowflake_account_role resource
+
+Already existing `snowflake_role` was deprecated in favor of the new `snowflake_account_role`. The old resource got upgraded to
+have the same features as the new one. The only difference is the deprecation message on the old resource.
+
+New fields:
+- added `show_output` field that holds the response from SHOW ROLES. Remember that the field will be only recomputed if one of the fields (`name` or `comment`) are changed.
+
+### *(breaking change)* refactored snowflake_roles data source
+
+Changes:
+- New `in_class` filtering option to filter out roles by class name, e.g. `in_class = "SNOWFLAKE.CORE.BUDGET"`
+- `pattern` was renamed to `like`
+- output of SHOW is enclosed in `show_output`, so before, e.g. `roles.0.comment` is now `roles.0.show_output.0.comment`
+
+### *(new feature)* snowflake_streamlit resource
+Added a new resource for managing streamlits. See reference [docs](https://docs.snowflake.com/en/sql-reference/sql/create-streamlit). In this resource, we decided to split `ROOT_LOCATION` in Snowflake to two fields: `stage` representing stage fully qualified name and `directory_location` containing a path within this stage to root location.
+
+### *(new feature)* snowflake_streamlits datasource
+Added a new datasource enabling querying and filtering stremlits. Notes:
+- all results are stored in `streamlits` field.
+- `like`, `in`, and `limit` fields enable streamlits filtering.
+- SHOW STREAMLITS output is enclosed in `show_output` field inside `streamlits`.
+- Output from **DESC STREAMLIT** (which can be turned off by declaring `with_describe = false`, **it's turned on by default**) is enclosed in `describe_output` field inside `streamlits`.
+  **DESC STREAMLIT** returns different properties based on the integration type. Consult the documentation to check which ones will be filled for which integration.
+  The additional parameters call **DESC STREAMLIT** (with `with_describe` turned on) **per streamlit** returned by **SHOW STREAMLITS**.
+  It's important to limit the records and calls to Snowflake to the minimum. That's why we recommend assessing which information you need from the data source and then providing strong filters and turning off additional fields for better plan performance.
+
 ## v0.92.0 ➞ v0.93.0
 
 ### general changes
@@ -47,10 +75,10 @@ See reference [doc](https://docs.snowflake.com/en/sql-reference/sql/create-secur
 
 ### *(new feature)* snowflake_oauth_integration_for_custom_clients and snowflake_oauth_integration_for_partner_applications resources
 
-To enhance clarity and functionality, the new resources `snowflake_oauth_integration_for_custom_clients` and `snowflake_oauth_integration_for_partner_applications` have been introduced 
+To enhance clarity and functionality, the new resources `snowflake_oauth_integration_for_custom_clients` and `snowflake_oauth_integration_for_partner_applications` have been introduced
 to replace the previous `snowflake_oauth_integration`. Recognizing that the old resource carried multiple responsibilities within a single entity, we opted to divide it into two more specialized resources.
-The newly introduced resources are aligned with the latest Snowflake documentation at the time of implementation, and adhere to our [new conventions](#general-changes). 
-This segregation was based on the `oauth_client` attribute, where `CUSTOM` corresponds to `snowflake_oauth_integration_for_custom_clients`, 
+The newly introduced resources are aligned with the latest Snowflake documentation at the time of implementation, and adhere to our [new conventions](#general-changes).
+This segregation was based on the `oauth_client` attribute, where `CUSTOM` corresponds to `snowflake_oauth_integration_for_custom_clients`,
 while other attributes align with `snowflake_oauth_integration_for_partner_applications`.
 
 ### *(new feature)* snowflake_security_integrations datasource
@@ -105,7 +133,7 @@ The fields listed below had diff suppress which removed '-' from strings. Now, t
 ### *(new feature)* snowflake_saml2_integration resource
 
 The new `snowflake_saml2_integration` is introduced and deprecates `snowflake_saml_integration`. It contains new fields
-and follows our new conventions making it more stable. The old SAML integration wasn't changed, so no migration needed, 
+and follows our new conventions making it more stable. The old SAML integration wasn't changed, so no migration needed,
 but we recommend to eventually migrate to the newer counterpart.
 
 ### snowflake_scim_integration resource changes

diff --git a/docs/data-sources/streamlits.md b/docs/data-sources/streamlits.md
@@ -0,0 +1,177 @@
+---
+page_title: "snowflake_streamlits Data Source - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Datasource used to get details of filtered streamlits. Filtering is aligned with the current possibilities for SHOW STREAMLITS https://docs.snowflake.com/en/sql-reference/sql/show-streamlits query (only like is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection streamlits.
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0930--v0940) to use it.
+
+# snowflake_streamlits (Data Source)
+
+Datasource used to get details of filtered streamlits. Filtering is aligned with the current possibilities for [SHOW STREAMLITS](https://docs.snowflake.com/en/sql-reference/sql/show-streamlits) query (only `like` is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection `streamlits`.
+
+## Example Usage
+
+```terraform
+# Simple usage
+data "snowflake_streamlits" "simple" {
+}
+
+output "simple_output" {
+  value = data.snowflake_streamlits.simple.streamlits
+}
+
+# Filtering (like)
+data "snowflake_streamlits" "like" {
+  like = "streamlit-name"
+}
+
+output "like_output" {
+  value = data.snowflake_streamlits.like.streamlits
+}
+
+# Filtering by prefix (like)
+data "snowflake_streamlits" "like_prefix" {
+  like = "prefix%"
+}
+
+output "like_prefix_output" {
+  value = data.snowflake_streamlits.like_prefix.streamlits
+}
+
+# Filtering (limit)
+data "snowflake_streamlits" "limit" {
+  limit {
+    rows = 10
+    from = "prefix-"
+  }
+}
+
+output "limit_output" {
+  value = data.snowflake_streamlits.limit.streamlits
+}
+
+# Filtering (in)
+data "snowflake_streamlits" "in" {
+  in {
+    database = "database"
+  }
+}
+
+output "in_output" {
+  value = data.snowflake_streamlits.in.streamlits
+}
+
+# Without additional data (to limit the number of calls make for every found streamlit)
+data "snowflake_streamlits" "only_show" {
+  # with_describe is turned on by default and it calls DESCRIBE STREAMLIT for every streamlit found and attaches its output to streamlits.*.describe_output field
+  with_describe = false
+}
+
+output "only_show_output" {
+  value = data.snowflake_streamlits.only_show.streamlits
+}
+
+# Ensure the number of streamlits is equal to at least one element (with the use of postcondition)
+data "snowflake_streamlits" "assert_with_postcondition" {
+  like = "streamlit-name%"
+  lifecycle {
+    postcondition {
+      condition     = length(self.streamlits) > 0
+      error_message = "there should be at least one streamlit"
+    }
+  }
+}
+
+# Ensure the number of streamlits is equal to at exactly one element (with the use of check block)
+check "streamlit_check" {
+  data "snowflake_streamlits" "assert_with_check_block" {
+    like = "streamlit-name"
+  }
+
+  assert {
+    condition     = length(data.snowflake_streamlits.assert_with_check_block.streamlits) == 1
+    error_message = "streamlits filtered by '${data.snowflake_streamlits.assert_with_check_block.like}' returned ${length(data.snowflake_streamlits.assert_with_check_block.streamlits)} streamlits where one was expected"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `in` (Block List, Max: 1) IN clause to filter the list of streamlits (see [below for nested schema](#nestedblock--in))
+- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).
+- `limit` (Block List, Max: 1) Limits the number of rows returned. If the `limit.from` is set, then the limit wll start from the first element matched by the expression. The expression is only used to match with the first element, later on the elements are not matched by the prefix, but you can enforce a certain pattern with `starts_with` or `like`. (see [below for nested schema](#nestedblock--limit))
+- `with_describe` (Boolean) Runs DESC STREAMLIT for each streamlit returned by SHOW STREAMLITS. The output of describe is saved to the description field. By default this value is set to true.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `streamlits` (List of Object) Holds the aggregated output of all streamlits details queries. (see [below for nested schema](#nestedatt--streamlits))
+
+<a id="nestedblock--in"></a>
+### Nested Schema for `in`
+
+Optional:
+
+- `account` (Boolean) Returns records for the entire account.
+- `database` (String) Returns records for the current database in use or for a specified database (db_name).
+- `schema` (String) Returns records for the current schema in use or a specified schema (schema_name).
+
+
+<a id="nestedblock--limit"></a>
+### Nested Schema for `limit`
+
+Required:
+
+- `rows` (Number) The maximum number of rows to return.
+
+Optional:
+
+- `from` (String) Specifies a **case-sensitive** pattern that is used to match object name. After the first match, the limit on the number of rows will be applied.
+
+
+<a id="nestedatt--streamlits"></a>
+### Nested Schema for `streamlits`
+
+Read-Only:
+
+- `describe_output` (List of Object) (see [below for nested schema](#nestedobjatt--streamlits--describe_output))
+- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--streamlits--show_output))
+
+<a id="nestedobjatt--streamlits--describe_output"></a>
+### Nested Schema for `streamlits.describe_output`
+
+Read-Only:
+
+- `default_packages` (String)
+- `external_access_integrations` (Set of String)
+- `external_access_secrets` (String)
+- `import_urls` (Set of String)
+- `main_file` (String)
+- `name` (String)
+- `query_warehouse` (String)
+- `root_location` (String)
+- `title` (String)
+- `url_id` (String)
+- `user_packages` (Set of String)
+
+
+<a id="nestedobjatt--streamlits--show_output"></a>
+### Nested Schema for `streamlits.show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `query_warehouse` (String)
+- `schema_name` (String)
+- `title` (String)
+- `url_id` (String)
diff --git a/docs/resources/saml2_integration.md b/docs/resources/saml2_integration.md
@@ -68,8 +68,8 @@ resource "snowflake_saml2_integration" "test" {
 - `saml2_post_logout_redirect_url` (String) The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
 - `saml2_requested_nameid_format` (String) The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. Valid options are: [urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
 - `saml2_sign_request` (String) The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
-- `saml2_snowflake_acs_url` (String) The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
-- `saml2_snowflake_issuer_url` (String) The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
+- `saml2_snowflake_acs_url` (String) The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Because Okta does not support underscores in URLs, the underscore in the account name must be converted to a hyphen. See [docs](https://docs.snowflake.com/en/user-guide/organizations-connect#okta-urls).
+- `saml2_snowflake_issuer_url` (String) The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Because Okta does not support underscores in URLs, the underscore in the account name must be converted to a hyphen. See [docs](https://docs.snowflake.com/en/user-guide/organizations-connect#okta-urls).
 - `saml2_sp_initiated_login_page_label` (String) The string containing the label to display after the Log In With button on the login page. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
 
 ### Read-Only

diff --git a/docs/resources/streamlit.md b/docs/resources/streamlit.md
@@ -0,0 +1,106 @@
+---
+page_title: "snowflake_streamlit Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Resource used to manage streamlits objects. For more information, check streamlit documentation https://docs.snowflake.com/en/sql-reference/commands-streamlit.
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0930--v0940) to use it.
+
+# snowflake_streamlit (Resource)
+
+Resource used to manage streamlits objects. For more information, check [streamlit documentation](https://docs.snowflake.com/en/sql-reference/commands-streamlit).
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_streamlit" "streamlit" {
+  database  = "database"
+  schema    = "schema"
+  name      = "streamlit"
+  stage     = "streamlit_db.streamlit_schema.streamlit_stage"
+  main_file = "/streamlit_main.py"
+}
+# resource with all fields set
+resource "snowflake_streamlit" "streamlit" {
+  database                     = "database"
+  schema                       = "schema"
+  name                         = "streamlit"
+  stage                        = "streamlit_db.streamlit_schema.streamlit_stage"
+  directory_location           = "src"
+  main_file                    = "streamlit_main.py"
+  query_warehouse              = "warehouse"
+  external_access_integrations = ["integration_id"]
+  title                        = "title"
+  comment                      = "comment"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) The database in which to create the streamlit
+- `main_file` (String) Specifies the filename of the Streamlit Python application. This filename is relative to the value of `root_location`
+- `name` (String) String that specifies the identifier (i.e. name) for the streamlit; must be unique in your account.
+- `schema` (String) The schema in which to create the streamlit.
+- `stage` (String) The stage in which streamlit files are located.
+
+### Optional
+
+- `comment` (String) Specifies a comment for the streamlit.
+- `directory_location` (String) Specifies the full path to the named stage containing the Streamlit Python files, media files, and the environment.yml file.
+- `external_access_integrations` (Set of String) External access integrations connected to the Streamlit.
+- `query_warehouse` (String) Specifies the warehouse where SQL queries issued by the Streamlit application are run.
+- `title` (String) Specifies a title for the Streamlit app to display in Snowsight.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE STREAMLIT` for the given streamlit. (see [below for nested schema](#nestedatt--describe_output))
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW STREAMLIT` for the given streamli. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `default_packages` (String)
+- `external_access_integrations` (Set of String)
+- `external_access_secrets` (String)
+- `import_urls` (Set of String)
+- `main_file` (String)
+- `name` (String)
+- `query_warehouse` (String)
+- `root_location` (String)
+- `title` (String)
+- `url_id` (String)
+- `user_packages` (Set of String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `query_warehouse` (String)
+- `schema_name` (String)
+- `title` (String)
+- `url_id` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# format is database name | schema name | streamlit name
+terraform import snowflake_streamlit.example 'dbName|schemaName|streamlitName'
+```